Page 212 - Hands-On Bug Hunting for Penetration Testers
13
Going Further
Hopefully, you've found the resources contained in this book useful. As you look to expand
your interest in infosec, vulnerabilities, and public bug bounty programs in particular, there
are plenty of great resources to help you on your way.
In this chapter, I've tried to collect a smattering of some of the best community sites,
curated blogs, educational resources, bug report archives, and finally, a glossary of some of
the more important (and opaque) security terms used by this and other books. This chapter
should be a nice reference going forward, acting as your springboard as you dive deeper
into the world of independent, freelance security research.
Blogs
Blogs, both company-authored and personal, are great ways to get keyed into new
resources and methods from an informed source who you trust to curate the news you care
about. The blogs we're including here focus more on pentesting and bug bounty
participation than infosec or cybersecurity, generally. Though there are a lot of great blogs
by industry experts (such as Bruce Schneier's Schneier on Security or Brian Krebs' Krebs on
Security) that can be counted upon for rigorous, technically-informed articles on popular
security topics, providing a thorough accounting of those sorts of general infosec outlets is
beyond our scope.
The SANS Institute
Providing training and education around cybersecurity since 1989, the SANS Institute
(which stands for SysAdmin, Audit, Network, and Security) runs a blog
(https://pen-testing.sans.org/blog), which can be a great resource for short instructional articles and
simple references. Their series of cheat sheets containing short digests of basic commands
for selected tools is a great first resource when you're exploring adopting something new.

